Denis Beauchemin wrote:
> On Wed 03/03/2004 at 12:14, Denis Beauchemin wrote:
>
>> Many infected password-protected zip files passed through our McAfee AV
>> (using 4332). Nonetheless we detected 341 W32/Bagle.j at MM since
>> midnight.
>>
>> On Wed 03/03/2004 at 11:34, Michael Baird wrote:
>>
>>> Good Question, Does DAT 4332 fix it, my understanding was that it
>>> handled the unzipping and so forth, and MailScanner interpreted the
>>> response, I'm looking for confirmation, I'm running an older version of
>>> MailScanner (4.25-14 I believe), I hate to upgrade unless it's
>>> necessary.
>
> I've taken a look at the Bagle.j detected so far and none were in a zip
> file (all were plain pif files).
>
> So I'd say 4332 is definitely not catching any password-protected Bagle!
>
> Denis
As Bagle encrypts the virus itself in the zip with a random password, how can McAfee (or any other antivirus) catch a
virus encrypted in 999999 different forms? (the password is 6 integer digits)
As far as I know, the only solution is to trash any password-protected zip at all, as the latest MS does; I've done
the upgrade today from a 3.x release (yes, it was almost fine before today....)
and all the Bagle was cut off from my inboxes.
Bye.
--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
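
The policy described in this message, quarantining any zip that has password-protected members because the scanner cannot look inside them, can be sketched as follows. This is an added example, not part of the original message and not MailScanner's code; the function names and the "scan"/"quarantine" verdicts are assumptions, and the sample archives are constructed in memory.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose bit flag: member is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Names of members whose central-directory entry has the encryption bit set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() only reads headers, so no password is needed.
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def verdict(data: bytes) -> str:
    """Hypothetical gateway policy: 'quarantine' or 'scan' (hand to the AV engine)."""
    try:
        locked = encrypted_members(data)
    except zipfile.BadZipFile:
        # Unreadable archive: quarantine if it starts like a zip, otherwise
        # it is some other file type and goes to the normal scan path.
        return "quarantine" if data.startswith(b"PK\x03\x04") else "scan"
    return "quarantine" if locked else "scan"


def constructed_samples() -> tuple[bytes, bytes]:
    """Build a plain zip and a copy whose single member is flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"hello")
    plain = buf.getvalue()
    flagged = bytearray(plain)
    # Flag field sits at offset 6 in the local header, offset 8 in the central directory.
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = flagged.find(sig)
        (flags,) = struct.unpack_from("<H", flagged, pos + off)
        struct.pack_into("<H", flagged, pos + off, flags | ENCRYPTED_FLAG)
    return plain, bytes(flagged)


if __name__ == "__main__":
    plain, flagged = constructed_samples()
    print("plain zip   ->", verdict(plain))
    print("flagged zip ->", verdict(flagged), encrypted_members(flagged))
```

The check relies only on header metadata, so it works no matter which of the possible passwords was used.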